Posted
by
samzenpus
on Monday April 13, 2009 @05:46PM
from the you're-both-pretty dept.

narramissic writes "Sun Microsystems' chief open source officer, Simon Phipps, said in an April 11 blog post that Google committed a major transgression by only including support for a subset of Java classes in its App Engine development platform. 'Whether you agree with Sun policing it or not, Java compatibility has served us all very well for over a decade,' Phipps wrote. 'That includes being sure as a developer that all core classes are present on all platforms. Creating subsets of the core classes in the Java platform was forbidden for a really good reason, and it's wanton and irresponsible to casually flaunt the rules.' Phipps characterized his remarks as non-official, saying: 'This isn't something I could comment on on Sun's behalf. My personal comments come purely from my long association with Java topics.'"

'Whether you agree with Sun policing it or not, Java compatibility has served us all very well for over a decade,' Phipps wrote. 'That includes being sure as a developer that all core classes are present on all platforms. Creating subsets of the core classes in the Java platform was forbidden for a really good reason, and it's wanton and irresponsible to casually flaunt the rules.'

The real problem is that Google created their own version of Java ME. Instead of sticking with the existing standard, they came up with their own.

Since AppEngine, Google's cloud platform is (while, like mobile devices, a different environment from the standard desktop or server environment for which the Java Standard Library is designed) not a mobile platform, and doesn't have the same constraints that shape the development of Java ME, it's not surprising that they did something different.

OTOH, the justification is the same for having Java ME when Java SE already exists: the environment in which AppEngine Java is being used is very different from that for which SE was conceived, putting unique constraints on it.

I think that Phipps is upset because Sun is in the process of gearing up their own cloud services, and the last thing they want is Google's Java support drawing enterprise interest to AppEngine while they try to get Sun's cloud service off the ground.

What Google should have done was engage in the JCP to define a new profile for supported "device", along the lines of the CDC/CLDC and MIDP. At least that way it would have been within the framework of practice understood and used by Java developers. Instead, Google just said "here's what's available", without tying into any of the already available accepted ways of defining a subset of Java.

This actually looks a lot like what Microsoft got in trouble for with their MS Java.

What Google should have done was engage in the JCP to define a new profile for supported "device", along the lines of the CDC/CLDC and MIDP. At least that way it would have been within the framework of practice understood and used by Java developers.

I really don't think that Java developers have much trouble understanding or using a clearly defined subset of existing functionality.

This actually looks a lot like what Microsoft got in trouble for with their MS Java.

What Microsoft did was create an incompatible implementation of core Java classes, supporting similar features but requiring different behavior with the same classes. This has much more serious negative impact than implementing a well-defined subset, since the former makes it hard to move code either way between implementations, and the latter (what Google is doing) makes it very easy to move code off the non-standard implementation (AppEngine) and onto a standard implementation, but somewhat challenging to move code using the unsupported features from the standard implementation onto the non-standard one.

It's actually a really bad thing to do if you want to create lock-in to your non-standard implementation, since it does nothing to keep people from moving off your platform, but makes it harder than supporting the standard would for them to move on to your platform.

Microsoft didn't actually leave anything out of the APIs for their version of Java, they just made sure that their implementation of AWT sucked even more than Sun's and provided their own proprietary UI API which they promoted heavily. When Sun introduced Swing, a UI framework that sucked a bit less, in Java 2, MS stuck with Java 1.1 and promoting their own framework. If Microsoft had played along, Windows users at least might have had a version of Swing that didn't suck back in Java 1.3 days instead of hav

The bigger problem with J++ was that Microsoft extended the language to provide delegates (IIRC), and that feature emitted illegal JVM opcodes. This made J++ source+binary incompatible with Sun Java in a manner that couldn't be resolved without junking all the Windows extensions. Therefore they lost the lawsuit and it ultimately cost them hundreds of millions of dollars.

Microsoft goes out and deliberately tries to subvert standards by creating implementations that are slightly off, thus preventing anything written for them from being easily portable to another implementation.

Google has gone and created an implementation that works exactly according to spec, except leaving out items which don't make sense in the app model they use. It would be extremely trivial to port something written for Google's implementation to anything else standard compliant.

This is about as similar to Microsoft as a blizzard in the Alps is to a sunny day in Cuba.

The point is actually this: If I (or someone else) write a program in GoogleJava (or whatever you want to call it) and said program runs, I can take that same source and compile it under Java standard edition, with no refactoring, and it will run exactly the same (AFAIK). Try doing that with MS Java (no refactoring allowed!).

No, you don't understand - 'flaunt' doesn't mean what you think it does. You flaunt wealth (that you have) and flout rules (that you despise/ignore).

Of course, people got this wrong enough that even the dictionary grudgingly gives flaunt the alternate meaning of 'ignore'.

No, I got it right, and you have no sense of humor.. He's flaunting his (Sun's) rules, making poor google feel bad about itself. It's an alternate explanation of the meaning of that sentence, with the assumption that the guy typed exactly what he meant.

I think Sun is jealous, they have been pushing grid computing for ages and it's been a flop for them. Google is most likely going succeed here, especially with a "good enough" solution which no doubt pisses of Sun/Sun employees (who have a tendency to go for the engineering "ideal" solution which often results in a very nice and extremely pricey product). Witness the container computing stuff, Sun is making a big deal about seismic tests, and Google is quietly deploying hundreds of these things in their data centers.
Sun seismic test [youtube.com] vs. Google data center tour [youtube.com].
I bet for most of us Google's Java AppEngine implementation will be "good enough".

I hate it when people make snide comments about high quality engineering. Yes, it is possible to hack together a "good enough" system that is fine for consumers and some businesses, but for a lot of applications, a well engineered system is important. In the case of the containers, there are plenty of reasons why you might want to know the seismic test results: maybe you are deploying the container to replace some emergency services IT infrastructure in an earthquake zone, and need to be ready for afters

It wasn't meant to be snide. I was more trying to point out that not all of us need seismically tested/milspec/whatever gear. A shipping container sitting in the midwest is probably not going to experience an earthquake (now what they do to it during shipping is another story and I suspect you'd want something pretty robust for that). The other aspect of my comment was that while Sun is out making a lot of noise Google is quietly doing it, which is probably going to lead to success more than making PR type

As someone who personally loves the Java platform, I honestly think he's making a mountain out of a molehill. As far as I've been able to tell so far, the Google App Engine supports the Java platform in its entirety, with a few caveats. Those caveats deal with the services Google offers (e.g. no JDBC accessible database) and the sandbox the apps run in (e.g. no network support, no filesystem).

AFAICT, there's nothing stopping me from, say, writing a JDBC access layer for their Data Store. Which means that Google is keeping with the spirit of the platform, and that this is mostly just a misunderstanding.

If you want real problems, try running Java apps on a shared hosting provider sometime. The limitations of those sites will have you shouting praise for what Google is offering.

Um... no. They're not supporting Threads for a start - which is pretty major. I had a read of the exclusions a while back and there were some significant omisions. I'd list them if I could find the page again, but no luck I'm afraid.

That would be their locked-down sandbox. You can accomplish the same thing in vanilla Java with a security manager. (Which for all we know, they did. I haven't tried yet.) If the security manager doesn't allow it, you're not using it. Period, end of story.

You may note that everything Google has locked down is either controlled by the security manager or is simply an API to access a service that they don't provide.

You can accomplish the same thing in vanilla Java with a security manager. (Which for all we know, they did. I haven't tried yet.) If the security manager doesn't allow it, you're not using it. Period, end of story.

I'd really like to know if this is the case. Everything I've read in the list seems to me to be something a security manager could potentially block anyways. I'd like to know if they're throwing a SecurityException in these situations or not.

Ummm, even Sun says you should not be launching threads inside of JEE containers. Or writing to the file system for that matter. In fact, most of Google's restrictions are identical to Sun's own restrictions for JEE, the only difference is, Sun didn't make it mandatory, and now they're complaining that Google are (because they have to actually host these things in a sane and manageable way).

The only thing that really irks me is no socket connections. Making HTTP the only avenue for network I/O, and even

Following/. tradition, I have not looked at the details, but that won't stop me from commenting here...:)

As someone who has been writing Java since '99, I have to say if even Threads is not supported, it is a big issue.

There is a reason why the Core class are called "Core", every Java library expects the Core classes are there. If we now have a popular Java platform that only have a subset of the Core classes, it will cause a lot of headaches down the road, eventually fragmenting the "Java" platform.

Um... no. They're not supporting Threads for a start - which is pretty major.

A major improvement. It's now accepted on concurrency wonks (including, no especially, the ones at Sun and Google) that Threads is a disaster. Sun itself would much prefer that everybody switch to the new Concurrency classes [sun.com], which are not only much more reliable, but a lot easier to use.

The major problems with threads isn't the java.lang.Thread API, it's the shared-state model and the whole concept of threads in general. The new concurrent utilities are just that, utilities. You still have to be very careful about shared variables and locking. Once you have two threads running you have to be sure that every single line of code that they call is thread-safe. Good luck with that.

Yeah, it's nice to have the utility classes to help avoid a few bugs, but they aren't the panacea you're making

That's all you've done in your replies. I said it was a minor improvement to start with, and told you the reasons why it was minor. I pointed out how your initial post gave a very wrong impression about what Google did versus the concurrent utilities. You haven't show any evidence that backed up your initial post. You sound like an inexperienced noob confusing Javascript with Java with regards to threading.

I've just realized that this whole argument is about a hypothetical. The Google white list does include Threads. Too bad.

You're confusing threads (in the generic sense) with Threads (the Java data type). You can't have multithreading without threads (duh!) but you can easily dispense with Threads as part of the official API.

I'm no expert on this technology, but I do know a lot about the motivations behind the Concurrency classes. That's because I spent 2006 helping to update the Java Tutorial, and spent a lot of time getting indoctrinated by the key people involved in this stuff, including Doug Lea.

Hmm, I did forget about Thread objects being part of the language. But that doesn't mean they have to be part of the public API. You just fiddle with the package declarations so that programmers can't declare or instantiate Thread objects. The Thread objects still exist, but they're only accessible via the Concurrency classes.

Except this is all getting a little weird. I suspect that the real status of Thread (and the other classes missing from the "White List") is "deprecated" rather than "deleted". So you

If you want real problems, try running Java apps on a shared hosting provider sometime. The limitations of those sites will have you shouting praise for what Google is offering.

The problem you're referring to is a well-known limitation of the java platform with a planned solution. The problem is that it's been stalled and hasn't made it past the JSR stage despite being first reviewed in 2001.

They did. It's part of the trademark license. You can not use the Java trademark without implementing all of the standard classes, the standard language features, and having your code certified as doing so (I think the last requirement is waived in some cases). If Google are calling their product Java then they may be in trouble. If they called it Google Instant Coffee (beta) then they're fine.

As I understand it sun was pulled between two conflicting forces. On the one hand with MS pushing.net they wanted java to be a first class citizen on linux. Otoh they wanted to keep control over java.

Being a first class citizen on linux basically requires being FOSS. If not your package will most likely be either excluded altogether or shunted off to some "non-free" repositry which is not enabled by default and likely has lower standards of maintinance.

Exactly. I can't help thinking that Java might have been a lot more pervasive and standardised by now (not to mention that the CLR probably wouldn't exist) if Sun had been more open with Java licensing years ago.

Was going to post about how J2ME does exactly what they complain about: "Creating subsets of the core classes in the Java platform was forbidden", well, Sun itself did it and let me tell you, it makes Java's already convoluted API a nightmare to work with, and is ridiculous when programming on a device such as a Blackberry.

RIM had to provide alternatives to some useful Java classes that are just not present in J2ME, turning Blackberry development into an incompatible and horrendous mess, negating all the be

Would we be screaming if it was Microsoft who did this, rather than Google? Yeah, we would be screaming, and rightly so. We'd be worried about Microsoft attempting to create an MS-only ghetto that they lock people into (though it's harder to see how they could do so with a subset, rather than with extensions like they tried last time).
We should subject MS to extra scrutiny - they have certainly earned it. But that doesn't mean that Google gets a pass. I know their motto is "Don't be evil", but that do

How does using a subset of java 'Lock you in' to google? You can take that implementation and go anywhere that has the full version of java available and install your app there. It will work with some configuration changes.

My guess is Google doesn't allow you to play with threads for performance reasons. The file i.o. is because of the system architecture. You need to write to a filesystem, you have to write to memcache.

As someone who is looking to write an app on the engine, some of their stuff bothers me,

As far as I have learnt from a few cursory glances at appengine, it does not offer a complete OS environment. It is severely sandboxed, probably as a measure of security. All classes that deal with those non-existing features can either be non-existing, or exception-generating stubs. Google choose for those classes to be non-existent. That is something different than creating this-environment-only classes and functions, like MS did with their corrupted java. But there are prominent links on the appengine homepage to submit your own featers and bugfixes, so maybe all these complainers can contribute patches instead of contributing whine?

OK, no Swing, no Corba etc. But I cannot see what part is missing for cloud computing (or any other algorithm. The collections classes (even the thread safe ones), all cryptographic stuff etc. The only thing that really seems to be missing is graphics (images). But for most cloud computing needs, this should be sufficient.

Anything else you may be able to import using the classes from the open source JDK anyway. As long as you don't create files etc. of course, thanks to the sandbox. And we're not talking about a release of another JDK or anything like that, in that case it would be a problem not to include the default functionality.

This seems to be a bit of a cheap shot. He should well know that you cannot display any personal opinions that are directly in his line of work, and then claim that they are not the opinions of his employer. Not in his position.

Replace those features with APIs that offer features only available on the Google's application server. (eg. google.io.*, google.threads.*, google.db.*, google.util.*, etc...)

Have developers write their code for your Google application server.

Snicker knowingly because you know that Java Servlet/JSP developers can and do use Threads and file systems and network access in their applications. In fact PHP developers use file systems all the time along with network access. Why do you snicker? Because you know they cannot simply copy their applications to Google App Engine without reimplementing it and creating a version JUST for Google App Engine. As the implementations are different and we know that developers time costs money($$$), managers will eventually have to decided whether to continue to support the open Servlets/JSP implementation (which could be ported to Tomcat, Resin, JBoss, or any others) or if they will just go with the Google App Engine version.

Laugh when they cannot port their applications out WITHOUT reimplementing all of the private APIs.

The following packages do not exist.
google.io.*
google.threads.*
google.db.*
google.util.*

If, in the future, google does add those libraries, I would fully expect them to be opensourced.

I can see how you misunderstood the posting. Please, let me help you.

I will do this in two parts:

[PART-1]
I am sure that you only missed the that I used "e.g." (what is an e.g.? [about.com]) in the above, otherwise you would not have made the mistake of thinking that it could have been referring to anything else other than an example being posited for the discussion.

Those names were examples... hypothetical, if you will.

Now that that is all cleared up, give the post a re-read... but only after reading PART-

Whatever Phipps' experience (of which I have no knowledge), he clearly doesn't comprehend Java security.
The whole key to safe code in networked environments is the use of security policies. That includes, in addition to "fine grained" access control over OS operations, the ability to restrict access to classes in the classloader mechanism.
This is the same stuff that happens whether you're doing applets in a web browser or a servlet in a web application container (including Sun's Glassfish).

A Google spokeswoman provided the following statement in response to a request for comment: 'We provide a Java 6 runtime environment in a secure sandbox. We committed to having as many standard Java tools and frameworks work with App Engine as possible, and hope to improve the product through the feedback of developers during our Early Look.'

You're right... I guess I didn't really think about where the money would come from. But, if anyone has any really expensive hardware sitting around that isn't flying off the shelf the way it used to, I would think it would be Sun. So, maybe they could put some of it to use building a cloud of their own. I've just always been of the school of thought that if you don't like how something is built, build your own.

While I agree that google is not Mr. Friendly, I'd be surprised if this particular move is about lock-in. Not because of any belief in google's virtue; but for basic technical reasons.

If you want lock-in, you create a superset of the competitor's platform, or a variant of the platform that behaves differently, then push people to use your proprietary features. Implementing a subset of the competitor's platform just raises the cost of porting to your implementation, and creates no barrier to moving from your implementation to others' implementations.

The java-subset thing seems like a bad idea; and I'd be curious to know why they did it; but I don't see how a platform subset is a good basis for a lock-in strategy.

The SandboxTo allow App Engine to distribute requests for applications across multiple web servers, and to prevent one application from interfering with another, the application runs in a restricted "sandbox" environment. In this environment, the application can execute code, store and query data in the App Engine datastore, use the App Engine mail, URL fetch and users services, and examine the user's web request and prepare the response.

An App Engine application cannot:

write to the filesystem. Applications must use the App Engine datastore for storing persistent data. Reading from the filesystem is allowed, and all application files uploaded with the application are available.

open a socket or access another host directly. An application can use the App Engine URL fetch service to make HTTP and HTTPS requests to other hosts on ports 80 and 443, respectively.

spawn a sub-process or thread. A web request to an application must be handled in a single process within a few seconds. Processes that take a very long time to respond are terminated to avoid overloading the web server.

make other kinds of system calls.

ThreadsA Java application cannot create a new java.lang.ThreadGroup nor a new java.lang.Thread. These restrictions also apply to JRE classes that make use of threads. For example, an application cannot create a new java.util.concurrent.ThreadPoolExecutor, or a java.util.Timer. An application can perform operations against the current thread, such as Thread.currentThread().dumpStack().

The FilesystemA Java application cannot use any classes used to write to the filesystem, such as java.io.FileWriter. An application can read its own files from the filesystem using classes such as java.io.FileReader. An application can also access its own files as "resources", such as with Class.getResource() or ServletContext.getResource().

Only files that are considered "resource files" are accessible to the application via the filesystem. By default, all files in the WAR are "resource files." You can exclude files from this set using the appengine-web.xml file.

java.lang.SystemFeatures of the java.lang.System class that do not apply to App Engine are disabled.

The following System methods do nothing in App Engine: exit(), gc(), runFinalization(), runFinalizersOnExit()

The following System methods return null: inheritedChannel(), console()

An app cannot provide or directly invoke any native JNI code. The following System methods raise a java.lang.SecurityException: load(), loadLibrary(), setSecurityManager()

ReflectionAn application is allowed full, unrestricted, reflective access to its own classes. It may query any private members, use java.lang.reflect.AccessibleObject.setAccessible(), and read/set private members.

An application can also also reflect on JRE and API classes, such as java.lang.String and javax.servlet.http.HttpServletRequest. However, it can only access public members of these classes, not protected or private.

An application cannot reflect against any other classes not belonging to itself, and it can not use the setAccessible() method to circumvent these restrictions.

Custom Class LoadingCustom class loading is fully supported under App Engine. Please be aware, though, that App Engine overrides all ClassLoaders to assign the same permissions to all classes loaded by your application. If you perform custom class loading, be cautious when loading untrusted third-party code.

So I would say the reasons behind their decision would boil down to "cutting out the stuff that isn't compatible with the model the App Engine uses to run things".

Sounds like they should have specified a security model that would forbid certain classes and method rather than simply removing classes. Or was that too hard for Google's engineers? As a developer, would you rather have you application fail to run, or throw a completely bizzare ClassNotFoundException: java.lang.System, or run but throw an informative SecurityException when it tried to call System.exit()?

If you are developing for the App Engine, does it matter the flavor of the error? If you aren't developing for the App Engine and you are just looking to port something you've already written over, shouldn't you be reading the documentation concerning it first?

Developer-wise, this should be a non-issue. Unless you were expecting things to just plug in directly, coding to match how the App Engine works was a given anyway.

I agree with the others who opine that this is simply sour grapes from someone too late

Well sure, If you're re-using a standard library it may have handling for the security exception chain and either fail gracefully or work with limited functionality.

If a JDK class is missing and the library class you want to use references it the code won't even run with an UnsatisfiedLinkError. That is a HUGE difference.

Another case where the library class references a missing JDK class but the use of the library class you're using never touches the forbidden code. In that case you again get a UnsatisfiedLinkError. If the use of the JDK class was just restricted by a security policy you only get the security exception if you actually call the API, a much better alternative.

Imagine that you use some 3rd party library that includes code for caching to disk. Since you know you can't write to disk on the AppEngine, you disable caching in the configuration. But the UnsatisfiedLinkError is still there.

Except you're not going to get compile time errors from the third party library you're using since it is already compiled, you're still stuck with the ugly runtime UnsatisfiedLinkErrors. The JDK has features to support what Google wants to do built in specifically for this case and they really aren't very complicated to use.

Well yes, it does. From reading that list, it seems that all of these things that they want to "change" already allow for the changing through a security manager (as the GP mentioned). See, the whole point of Java is that you shouldn't be coding to each custom environment. And, security restrictions are something that any competent developer should be taking into account when writing his code. Therefore, if the environment fails in a somewhat expected, valid manner, developers can (and should) account f

And given the SDK they point you to is Sun's and this is Google, how unlikely is it that the things being complained about are actually being managed by a security manager and not actually missing. I.E. Communication error.

I'm not sure what you mean. The complaints seem to indicate that you'll get things such as "NoClassDefFoundError" and the like, rather than the more appropriate "SecurityException". As to which one actually happens, I don't know. The point is that a developer, developing an application for Java, should not have to concern himself whatsoever with NoClassDefFoundErrors when interacting with standard jvm classes. He SHOULD however, be concerned with potentially encountering SecurityExceptions.

Agreed, And not being a Java developer I have no way of knowing the truth of whether Google did it the 'right' way or not other than asking. However, the only complainer I've actually seen is someone from Sun, a company who has a vested interest in making whatever Google did look bad and not a stellar rep with me for saying things 100% on the up and up all the time.

Additionally, I don't see anywhere in the 'official' statements indicating that Google actually removed anything in the breaking sense. Google's

I did go to Google review the App Engine Java documentation, what there is of it. It's not clear if a class like java.lang.System (which is whitelisted, btw) locked through security policy or simply re-implemented in some crippling way. A bit of a failure to provide clear guidelines on Google's part, but becomes a real development problem because they've already stated their Java doesn't conform. Programmers are left guessing or having to find out through failure what the actual behavior is.

It's not the restrictions, it's the implementation. Normally, existing Java code could just be compiled on the embedded system, and compiler errors would specifically identify security reasons for specific classes/methods/etc being disabled. Google removed the classes entirely, so the developer will just get IDontKnowWTFThatClassIs exceptions instead, which are less informative.

It also contravenes existing standards, sort of like making "dangerous" files invisible to unprivileged users in *NIX (via some sort of arcane black magic, perhaps a modified (munged) shell or something...) instead of just setting appropriate file permissions.

The java-subset thing seems like a bad idea; and I'd be curious to know why they did it; but I don't see how a platform subset is a good basis for a lock-in strategy.

Yeah, this is garbage. Watch the "campfire" videos, a boringly large part of the presentations is given over to how you are not locked in, because AppEngine exposes the standard Java servlet container and database access APIs even though it's based on BigTable which is not a standard database. They show how the guestbook app can be taken right across to run on WebSphere with no code changes. The design of Java on AppEngine is pretty much the opposite of lockin - they've clearly put a lot of effort into ensuring a very, very different underlying system can export the standard Java APIs.

As to why it's a subset, I guess the same logic as applied to the Python implementation which is also a subset - due to the way it works the classes need to be audited for security problems. Some of the Java APIs contain native code which probably has to be rewritten or at least very carefully audited to ensure you can't break out of the sandbox. And some I guess just aren't that useful. But I don't really know the reason.

While I agree that google is not Mr. Friendly, I'd be surprised if this particular move is about lock-in.

It never is. Whenever somebody modifies standard technology to suit themselves, they get accused of trying to create lockin. That's what happened when Phil Katz [wikipedia.org] decided he could redo the ARC format faster and smaller. That's what happened when Anders Hejlsberg [wikipedia.org] decided he couldn't live with Java's limitations [zdnet.com]. Netscape and HTML. Microsoft and HTML, CP/M, x86....

Lockin does usually occur when people do things in a different way, and the different way ends up being the de facto standard. But that's not why they do them. They do them because developers just plain like to do things their own way.

In the case of Google's "white list" this doesn't even come close to being lockin, because any application that will run on Google's classes will run on "standard Java". Sun's problem is that the reverse isn't true. And I'm not sure that really matters. Unless I've missed something, the missing classes are all legacy cruft that should have been deleted from Java long ago.

So why haven't they been? Lack of will. One Java core engineer told me that Sun got in trouble when they even deprecated an API, never mind removing a whole class. People just don't want to fix up all their legacy code, and Sun was too anxious to monetize Java to stand up to them.

Google has more flexibility, since they don't need for their version of the Java platform to make money anytime soon.

Sun's problem is that they are working up to the general launch of their cloud computing services, and Google AppEngine supporting more than just Python makes it that much harder for any new launch to get traction.

the missing classes are all legacy cruft that should have been deleted from Java long ago.

So why haven't they been? Lack of will.

I think I can speak a bit about legacy code. Where I work there are some old apps written in FORTRAN-77. Yes, I know the current name of that language isn't written all-caps anymore, but that's the whole point: the code is still all-caps, it was written in 1977 and never rewritten since then.

There's a bunch of old engineers who aren't old enough to retire who insist on keeping tha

Most of what's wrong with FORTAN got designed in 50 years ago. Plus they're mostly part of the fundamentals of the language. Maintaining compilers that handle ancient FORTRAN design mistakes (FORTRAN was the very first high-level language, and taught all subsequent language designers a lot about how not to go about it) is one thing. Removing a class from Java is quite another. It's completely different from changing a language feature, which Sun is very very conservative about doing.

Subtle yet important difference to me, Microsoft released something that did include the 'full set' plus some but didn't work the same as the specs said it should.

Google simply didn't release a full set.

And where Microsoft pulled their stunt to kill Java, I imagine Google did it for technical reasons (i.e. trying to lock down the sandbox) since they have said they want to add more classes to the list of allowed ones.

I used to hate Java (and JavaScript) because it took forever to load, turning a screaming fast Internet connection into a rush hour exercise in patience, but they improved that and I started singing the praises of Java and JavaScript. Then I found that even though JavaScript is still good, Java now drives me crazy

You know this already, but Java and Javascript are technologies that are not related to each other in any way, apart from the unfortunate naming. Javascript is as close to C as it is to Java.

So your blaming Sun for Ciscos ineptitude. I have code written under the 1.0.2 Java SDK that still runs under Java 1.6. There again, unlike Cisco's engineers I understood what portability was, because I was targeting SunOS as well as Windows.

It is. Although "write properly once - run anywhere" would probably be more accurate.

Dont blame the developer if a new JVM breaks a java app.

Most issues I have seen with a new JVM breaking a java app is because the app developer was doing something they weren't supposed to. (using com.sun classes, relying on undocumented, "undefined" behavior, etc) If you code to the spec, and only expect methods to do what they say they'll do in the documentation, chances of a new JVM breaking your application are very slim.

As far as I'm concerned, Sun (or anyone complicit in their activities re: Java) lost all right to bitch about this once every new version of Java consistently broke backwards compatibility with previous versions.

In some aspects, it is the fundamental deficiency of Java the language. Because all methods are implicitly virtual and all overrides are also implicit, and because override resolution happens at class load time, not at compile time (i.e. if Derived.class derives from Base.class, and both have method void foo(), then Derived.foo will override Base.foo - even if, when Derived.class was compiled, Base.class didn't contain foo yet), you get a specific case of fragile base class problem [wikipedia.org] in Java that's effectivel

Sun actually is launching their own cloud computing environment this summer, and has been announcing tie-ins to a lot of their existing products for it ("Save to Cloud", "Load from Cloud" in OpenOffice.org, Cloud related functionality in Netbeans 6.7, etc.) If their attempts to market their cloud offerings fall flat (which AppEngine supporting more than just Python makes somewhat more likely, as they have more competition, though I think Amazon